
Chief Information Security Officer

Blue Health Intelligence

Job Description

Posted on: February 18, 2025

Summary and company overview

About BHI:

BHI is a pioneering healthcare analytics company at the forefront of AI innovation in healthcare. We are the analytics partner for Blue Cross Blue Shield plans nationwide, and our transformative solutions impact cost, quality, and outcomes for tens of millions of Americans. Our unparalleled data gives us the opportunity to drive insights into healthcare delivery.

Our team is composed of passionate healthcare, analytics, and data engineering experts who have invested years solving the problem of turning healthcare data into insights that drive value. We partner with BCBS Plans both nationally and locally to use these insights to build solutions that create measurable value across the healthcare continuum. Working with these plans, we are uniquely positioned to deploy AI solutions at scale across the nation’s largest healthcare system. Join us as we help improve healthcare for all.

Position Summary

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO leads efforts to develop and enforce security policies, manage risk, ensure regulatory compliance, and implement best practices in cybersecurity across the organization. The CISO will also be responsible for providing strategic leadership for our on-premises, hybrid, and cloud-based infrastructure, ensuring alignment with industry best practices and regulatory requirements.

The CISO reports directly to the Chief Technology Officer and works closely with BHI’s executive leadership and CEO, as well as BCBSA and BHI’s customers, to ensure that security and infrastructure initiatives align with business objectives and regulatory requirements while proactively addressing emerging threats.

Responsibilities

  • Oversee our security engineering and compliance functions within our technology division.
  • Develop and implement cloud security strategies to ensure secure deployment, monitoring, and management of cloud-based infrastructure (AWS, Azure, GCP).
  • Collaborate with IT infrastructure teams to ensure network security, endpoint security, and data protection controls are effectively implemented.
  • Manage cloud identity and access management (IAM) policies, ensuring least privilege access principles are enforced.
  • Develop, implement, and manage an enterprise-wide information security strategy and roadmap aligned with business objectives.
  • Provide leadership and direction to the cybersecurity team and collaborate with business units to embed security best practices across the organization.
  • Lead the development and enforcement of policies, procedures, and standards to ensure compliance with regulatory requirements (e.g., HIPAA, HITRUST, ISO 27001, NIST, PCI-DSS, SOC 2).
  • Conduct regular security risk assessments and oversee remediation efforts to address vulnerabilities and compliance gaps.
  • Ensure responsible AI governance by implementing ethical guidelines and compliance measures for AI-driven security solutions.
  • Manage security audits and assessments, ensuring proper governance models are in place to meet industry standards.
  • Establish metrics and reporting frameworks to communicate risk posture and security performance to the board of directors and executive leadership.
  • Establish a Security Operations Center (SOC) to monitor, detect, and respond to security threats in real time.
  • Lead the organization's incident response strategy, including investigation, containment, and recovery from security breaches.
  • Collaborate with legal, HR, and other business units to support forensic investigations and legal proceedings related to security incidents.
  • Oversee security evaluations of third-party vendors, partners, and service providers to ensure adherence to security policies and compliance requirements.
  • Manage contracts and service-level agreements with Managed Security Service Providers (MSSPs) and other security vendors.
  • Oversee our SRE, Infrastructure, Application Administration, and desktop/system support functions within our technology division.
  • Lead the design, implementation, and maintenance of a highly available, scalable, and resilient infrastructure.
  • Develop and execute an infrastructure roadmap that aligns with business and technology goals.
  • Oversee cloud and on-premises infrastructure, ensuring cost optimization, performance, and reliability.
  • Partner with development teams to drive best practices in infrastructure design and cloud-native architecture.
  • Maintain and improve Infrastructure as Code (IaC) practices using Terraform, CloudFormation, or similar tools.
  • Work closely with engineering teams to embed AI models into application workflows for improved performance, scalability, and cost efficiency.
  • Define and implement SRE best practices to ensure system reliability, observability, and performance.
  • Own the developer experience agenda and partner with engineering leaders to implement best practices and tooling such as DevOps, CI/CD, and generative AI tools, along with implementing DORA metrics.
  • Establish Service Level Objectives (SLOs) and Service Level Indicators (SLIs) to measure and improve system health.
  • Develop automated monitoring, alerting, and incident response processes to reduce Mean Time to Detect (MTTD) and Mean Time to Resolve (MTTR).
  • Enhance system performance and capacity planning through proactive scaling and resource optimization.

Job Requirements

Required Qualifications:

  • BS in Computer Science, Engineering, Cybersecurity, or a related field.
  • At least 10 years of experience in information security and infrastructure, with at least 5 years in a senior leadership role.
  • At least 5 years of experience developing and implementing SRE functions to manage both on-premises and cloud infrastructure, including FinOps management, DevOps, CI/CD, and systems engineering.
  • Extensive experience in cybersecurity strategy, risk management, and governance frameworks.
  • In-depth knowledge of security regulations, compliance frameworks, and industry standards (HIPAA, HITRUST, NIST, ISO 27001, PCI-DSS, SOC 2).
  • Strong hands-on experience in securing enterprise infrastructure, including networks, cloud platforms (primarily AWS), data centers, and endpoint security solutions.
  • Expertise in security technologies, including SIEM, EDR/XDR, vulnerability management, intrusion detection/prevention systems (IDS/IPS), and next-gen firewalls.
  • Proven experience designing and implementing security controls in cloud environments, containerized applications, and DevSecOps workflows.
  • Knowledge of networking (TCP/IP, load balancing, DNS, VPNs) and infrastructure security best practices.
  • Demonstrated ability to manage security incidents, forensic investigations, and threat intelligence programs.
  • Experience leading large-scale security transformation projects and security operations center (SOC) initiatives.
  • Deep understanding of IAM solutions, Zero Trust Architecture, micro-segmentation, and data loss prevention (DLP) strategies.
  • Experience managing cybersecurity budgets, vendor relationships, and security investments.
  • Excellent communication, leadership, and stakeholder engagement skills, with the ability to translate technical security risks into business terms.

Preferred Qualifications:

  • Industry certifications such as CISSP, CISM, CISA, GIAC, CCSP, or CRISC are highly desirable.

Additional commentary

The actual salary an employee can expect to receive, plus bonus pursuant to the terms of any bonus plan if applicable, will depend on experience, seniority, geographic location, and other factors permitted by law. To review benefits, please visit https://bluehealthintelligence.com/about-bhi/careers/

Base salary range: 220k - 275k

Equal Employment Opportunity

It is the policy of BHI to provide equal employment opportunity and advancement opportunities to all colleagues and qualified applicants for employment without regard to race, color, religion, national origin, sex, age, disability, sexual orientation, gender identity, or any other classification protected by federal, state, or local laws.
